We're just shouting into the void, says US watchdog offering cybersecurity advice Since coming into office two years ago, the Biden Administration has made the cyber defenses of US government agencies – as well as the private sector – a key focus. However, the US Government Accountability Office (GAO) – Congress' auditing and investigative arm – says that since 2010, it has made about 335 cybersecurity …
The GAO spake thusly: "A full-scale quantum computer has the potential to break standard encryption technologies, creating a major information security risk. As a result, the federal government's cybersecurity infrastructure will need to evolve to address this threat."
But of course the friendly folk at Fort Meade are investing heavily to build "a full-scale quantum computer".......so that the friendly folk at Fort Meade can break the "cybersecurity infrastructure" of anyone else.
Your taxpayer dollar at work.....we are the good guys....it's those others who are a threat!
What....cynical......moi?
Look at the way the government works, we're going to "ban" all these cybersecurity attacks and we think it will help us?
But look at how things have gone with the government's "drug war" to fight everyone who used to just smoke and snort a little 40 years ago ... the drug war has vastly increased drug consumption and the dealers are now making vastly more money from drugs while making drugs far worse then they ever were. Are we seeing the same events now with cybersecurity - I'm seeing my daily malware detection's are going way up all the time ... will the cybersecurity way be as effective as the drug war?
Quote: ".....break standard encryption technologies...."
So....my buddies and I are using D/H with a 60,000 bit safe prime. You know.....peer-to-peer across Gmail......
Ah!!.....no Signal, no Telegram.......just a nice simple D/H application which we wrote and we control.......
Are we using RSA....or IDEA....or AES.....or samba20? That's for us to know....and for the snoops to find out....
Good luck with "standard encryption technologies"......
@Kevin_McMurtrie
Yo!! Kevin!! There are multiple people with your name on LinkedIn.........which one are you? Glasgow? Sunnyvale? Atlanta? Somewhere else?
I'm AC..............look up Edward Teach...... In Bermuda? In North Carolina?..... Dead? ....or what?
Is your "anonymizer" better than mine? I'm sure you will let us all know!!
Seriously. How in the 4377 is the Fed government using the likes of Solar Winds for systems with sensitive information in the first place?
Doubtlessly, as our government is suppose to be "for the people", there is a need for a LOT of information to be made public. But NONE of that should have any ability to feed back into the actual backend systems that store & process the data. AND--those back end systems have no need to be on the public internet at all.
But when Hillary Clinton is your model for handling secure data (looking at YOU, Trump...Biden...Pence...???), I guess it's unreasonable to expect even the most basic rule to be taken seriously, let alone be implemented.
Update firmware? But the manufacturer doesn’t support that model any more. Buy a new one!
Critical infrastructure covered by public funding? No budget for that!
Private operations threatened? Meh, it’ll never happen to me.
It’s compounded by the “Next” device supposed to provide cover inevitably being broken within weeks of launch; thus living with existing risk and Swiss cheese models is order of the day. It cost, much pain, little gain.
The only way to force the issue is a knee jerk response to an actual attack on something important.
"Critical infrastructure covered by public funding? No budget for that!"
And we you have it in one!
Dear US Congress,
Write an actual BILL, shocking I know since you only do "continuing resolutions" these days since you are so inept, that allocates FUNDS specifically to implement Cyber Security! I believe that bill would be a whopping three lines long.
And yes, you are, Congress, a bunch of village idiots.
It's worse than that. Often, the mandates are one-size-fits-none insanities that no one in the private sector does, even so called "security" companies. Or there are so many competing mandates that there isn't time to get anything done, and mandatory reporting on what you aren't doing takes up all your time to actually implement anything.
335 "recommendations"? NIST SP 800-53 has fewer controls than that for a LOW enclave. It's a huge deal to actually write and implement a plan to address each NIST SP 800-53 control, and those tend to be (mostly) well thought out.
The whole supply chain management requirements are precisely what causes government shops to be so incredibly slow about adoption of standard tools or pivoting away from tools that are no longer a good idea -- because the review process is so burdensome.
0l8zupKZwTeBaNQbcRaxSLgPCVAZ2VUpQ5ILYtKL8rGLgn6TIRY5efaV43qjCDGN47O1Qx6jEtM3
oD2ByzUdinARGBwP0D6bCFU1ehIfsdIH4fo1S9wpMxeRIBIJYt8laxOTczgBu9afyvCvexg16Jy5
QJGBUlOLe3EPMHgpcL0BWRmXqJALMtQnAJYDiDQZwFmtoVQ5E1qLs10FS1OlGPenkjo9I9i7YTUJ
c7kpwfonczq3AXCb6NuzENsFkNgV6nC5IlALWVcn6t6XaxGBQDeRU9Kr03G5kvmBULyRm3w7cl41
Irqx47yVIN0xwjUjAf6P85qlct4RiZCLonudSr0BidaBg5CbIbeFENk90lSRozm52lE1I9Atg3EN
CFEJGf2Jm3iZyfIlKNaPm1a1avEHa5sVAtGByjA3wzqvkj8N2D4PEl6zuBWNClOXAvO9Y7qVadip
29WnCpSLIlKRmXwHOTMHSNC98BMNyhUdarKB0JqngxW1gZ4n69Cb4tuvE5AvuHkLSzO3YBerczGn
URarq9GRyFgtgrsFOnWVOzC9cfwT6Foz4jUhubW5CvkVGbefkLa9G58nk1Ct87CPUfan4xs5Ylgh
cPmLc7QTCVQj0h6RSHqNijO3Ufq9KV2NivMlYHmzgL4vytahSNi5GnoFo1YfWnSBAlyhexWDGToJ
6l85O9ET0ZST2bmHg9KTIrIl23CVCRYzmzoXa3iReXeLorGvc30von0zqPcz2zi3S7eR2bSDqRet
Y1SLstS3uvSFstWTUT89MRkvWFqb0JcraH87CVg3wdSlovG58x8FM3ahA10BOd87OBEpSj65qHm1
mLwJCDMvqTkF0v4TcrIJGPqb0R45Sl2fCrKXuZa9ozenQzapwTCdAZcJ8VU9SvgXuzUNSTQ3ixOb
2rKTOhyb
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
